Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization-s information security strategy?
A. Business impact analysis
B. Organizational risk appetite
C. Independent security audit
D. Security risk assessment